Design: Incremental and Distributed

• Designs are constructed incrementally to meet requirements and solve problems

- Requirements types: objectives, scenarios, constraints, ilities...

- Problem/issue types: risk/safety, cost/difficulty, interaction, conflict...

• So, capture requirements, problems and solutions

- Collect design and analysis products and make them accessible for integration and analysis

- Link changes in design requirements, problems and solutions

- Harvest design data for design models and choice structures

• System designs are constructed by multiple groups designing interacting subsystems

- Diverse problems, choice criteria, analysis methods and point solutions

• So, support integration and global analysis of repercussions

- System implications of point solutions

- Broad analysis of interactions beyond totals of mass, cost...
Collect and Access Design Products

Team Work Center Examples

Workspace Issue Tracking (WorkIT) tool example for diverse products

- Team workspaces that organize selected relevant products and excerpts for access and reuse

- Actions, Files, Links, Notes, Logs of status and tasks

- “Add Item” pages provide an easy way to include metadata for search and reports

Logger tool example of making it easy: effortless metadata collection for use in reports and searches

- Quick menu attaches metadata while pasting selected text from the menu into a log entry

- User groups can customize the metadata categories and the Quick menu to capture what’s important
Harvest Design Data for Analysis

• Convert text - Reconciler parser/matcher

- Requirements and constraints

- Objectives, risks and mitigations

- Procedure information and scenarios

• Match and map XML/RDF/OWL models

- Map requirements to design representations

• Phase/activity/operation, function, equipment, interaction/interface, constraint

- Map problems to design structures

- Map solutions to problem structures

• Collect metadata from process

- New and changed conceptual design models that are elaborated to address design issues

• Countermeasures, mitigations, solutions


NASA JSC Automation, Robotics & Simulation - Hazard Identification Tool Example

Convert requirements and risk text to derive early model


[C.1] Telecommunication Subsystem

• [C.1.1] The CDHC sends the TeleSub a compressed picture. [FG.1] [TeleSub C.1.4]

• [C.1.2] The CDHC sends the TeleSub telemetry. [FG.2] [FR.1] [FR.5] [TeleSub C.1.5]

• [C.1.3] The CDHC sends In View of Ground alerts to the TeleSub. [DP.5.6] [TeleSub C.1.6]

• [C.1.4] The CDHC receives plan files from the TeleSub. [FR.3] [TeleSub C.1.3]

• [C.1.5] The CDHC receives ground commands from the TeleSub. [FR.3] [TeleSub C.1.2]

• [C.1.6] The CDHC receives the TeleSub operating state from the TeleSub. [DP.5.5] [TeleSub C.1.1]

[C.2] Camera Subsystem

• [C.2.1] The CDHC sends the Camera a "take picture" command. [FG.2] [FR.1] [FR.3]

• [C.2.2] The CDHC sends the Camera x, y and z gimballing coordinates. [FG.2] [FR.1] [FR.3]

• [C.2.3] The CDHC sends a turn on command to the Camera. [DP.5.3] [H Constraint 1.1.4]

• [C.2.4] The CDHC sends a turn off command to the Camera. [DP.5.3]

• [C.2.5] The CDHC receives a compressed picture file from the Camera. [FG.1] [FG.2] [FR.1]

[C.4] Attitude Determination Subsystem

• [C.4.1] The CDHC receives an In View of Ground alert from the ADS. [DP.5.6] [ADS]

• [C.4.2] The CDHC receives the ADS operating state from the ADS. [DP.5.5] [ADS]


Reconciler

Hazard Identification Tool (HIT) Model Maker (currently manual)


Requirements Model (Shift type)

• Function: Transfer (“Send”)

• Agent: System (“CDHC”)

• Affected Operand: Information (“telemetry”)

• Source: “CDHC”

• Destination/Goal: System (“Telesub”)

• Path Type: Information/Signal

• Resource conditions: ?

• Activation/conditions: ?

• Effect value/measures: ?

Counteraction Model (Replace type)

• Counteract Function: Replace (“Redundancy”)

• Agents/contributors: ?

• Replaced: “Transmitter”

• Replacement: “Transmitter Spare”

• Affected Risk (link to): “Telecom Sub... Failure... Transmitter” *
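The Model Maker above is currently manual. As an added example (not the Reconciler's or HIT's code), the parser below turns requirement lines in the format of the previous slide into the Shift-type fields listed above, leaving the fields the text cannot supply marked open; the regex patterns and the sample lines are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines in the slide's requirement format: id, sentence, reference tags.
REQUIREMENTS_TEXT = """
[C.1.1] The CDHC sends the TeleSub a compressed picture. [FG.1] [TeleSub C.1.4]
[C.1.2] The CDHC sends the TeleSub telemetry. [FG.2] [FR.1] [FR.5] [TeleSub C.1.5]
[C.1.5] The CDHC receives ground commands from the TeleSub. [FR.3] [TeleSub C.1.2]
[C.2.3] The CDHC sends a turn on command to the Camera. [DP.5.3] [H Constraint 1.1.4]
"""

@dataclass
class ShiftModel:
    """Shift-type requirements model with the fields shown on the slide."""
    req_id: str
    function: str                     # Transfer ("Send") or Transfer ("Receive")
    agent: str                        # system performing the transfer
    operand: str                      # affected operand (information)
    source: str
    destination: str
    path_type: str = "Information/Signal"
    links: list = field(default_factory=list)   # reference tags kept as links
    # Fields the sentence cannot supply stay open, as the slide marks them with "?"
    unresolved: tuple = ("Resource conditions", "Activation/conditions", "Effect value/measures")

LINE_RE = re.compile(r"^\[(?P<id>[A-Z]+\.[\d.]+)\]\s*(?P<sentence>[^.]+)\.\s*(?P<tags>.*)$")
SEND_TO_RE = re.compile(r"^The (?P<agent>\w+) sends (?P<operand>.+?) to the (?P<dest>\w+)$")
RECV_RE = re.compile(r"^The (?P<agent>\w+) receives (?P<operand>.+?) from the (?P<src>\w+)$")
SEND_RE = re.compile(r"^The (?P<agent>\w+) sends the (?P<dest>\w+) (?P<operand>.+)$")

def _operand(text):
    """Drop a leading article so the operand reads like the slide's quoted term."""
    return re.sub(r"^(a|an|the) ", "", text.strip())

def parse_requirement(line):
    """Parse one requirement line into a ShiftModel, or None if it is not a transfer."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sentence, links = m.group("sentence"), re.findall(r"\[([^\]]+)\]", m.group("tags"))
    for pattern, verb in ((SEND_TO_RE, "Send"), (SEND_RE, "Send"), (RECV_RE, "Receive")):
        s = pattern.match(sentence)
        if s:
            agent = s.group("agent")
            other = s.group("dest") if verb == "Send" else s.group("src")
            src, dst = (agent, other) if verb == "Send" else (other, agent)
            return ShiftModel(m.group("id"), f'Transfer ("{verb}")', agent,
                              _operand(s.group("operand")), src, dst, links=links)
    return None

def parse_requirements(text):
    """Parse every transfer requirement in a block of text, skipping lines that do not match."""
    return [r for r in (parse_requirement(ln) for ln in text.splitlines()) if r]
```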
Counteraction leads to next telecomm model version with redundant transmitters

Analyze Repercussions Early

Spacecraft Hazard Reachability Analysis

Vulnerable Component [xmitter1] when in Mode [Sending], Threat Component [Thermal Syst] when in Mode [TCS-ON], Transmitted Threat [Electrical-Noise-Thermal-Sys] Carried by [Power] connection

Vulnerable Component [xmitter2] when in Mode [Sending], Threat Component [Thermal Syst] when in Mode [TCS-ON], Transmitted Threat [Electrical-Noise-Thermal-Sys] Carried by [Power] connection
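Added example (not HIT's code): a small reachability check that produces findings like the two above. It assumes a constructed model in which the thermal system's noise rides the Power carrier through a shared power bus to both transmitters, and it reports a pair only when a threat reaches a component that is vulnerable to that specific threat.

```python
from collections import deque

# Constructed early telecom model: redundant transmitters, a shared power bus, thermal control.
# Edges are (from, to, carrier); a threat travels only along edges of its own carrier type.
CONNECTIONS = [
    ("Thermal Syst", "Power Bus", "Power"),
    ("Power Bus", "xmitter1", "Power"),
    ("Power Bus", "xmitter2", "Power"),
    ("Power Bus", "Camera", "Power"),
    ("Camera", "xmitter1", "Data"),
]
# A threat is emitted by a component while in a given mode and rides one carrier type.
THREATS = [
    {"name": "Electrical-Noise-Thermal-Sys", "component": "Thermal Syst",
     "mode": "TCS-ON", "carrier": "Power"},
]
# A vulnerability names the threat a component is susceptible to and the mode in which it is.
VULNERABILITIES = [
    {"component": "xmitter1", "mode": "Sending", "threat": "Electrical-Noise-Thermal-Sys"},
    {"component": "xmitter2", "mode": "Sending", "threat": "Electrical-Noise-Thermal-Sys"},
    {"component": "Camera", "mode": "Imaging", "threat": "Vibration"},  # different threat, no pair
]

def carrier_paths(start, carrier):
    """Breadth-first search over edges of one carrier type; maps each reachable component to its path."""
    paths, queue = {start: [start]}, deque([start])
    while queue:
        node = queue.popleft()
        for src, dst, kind in CONNECTIONS:
            if src == node and kind == carrier and dst not in paths:
                paths[dst] = paths[node] + [dst]
                queue.append(dst)
    return paths

def hazard_pairs():
    """Hazard-vulnerability pairs plus the path the threat takes, as the HIT report lists them."""
    found = []
    for t in THREATS:
        reach = carrier_paths(t["component"], t["carrier"])
        for v in VULNERABILITIES:
            if v["threat"] == t["name"] and v["component"] in reach and v["component"] != t["component"]:
                found.append({"vulnerable": v["component"], "vmode": v["mode"],
                              "threat_component": t["component"], "tmode": t["mode"],
                              "threat": t["name"], "carrier": t["carrier"],
                              "path": reach[v["component"]]})
    return found

def format_pair(p):
    """Render one finding in the wording of the reachability report above."""
    return (f"Vulnerable Component [{p['vulnerable']}] when in Mode [{p['vmode']}], "
            f"Threat Component [{p['threat_component']}] when in Mode [{p['tmode']}], "
            f"Transmitted Threat [{p['threat']}] Carried by [{p['carrier']}] connection")
```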


HIT Spacecraft Model Interaction Analysis

Mapped Model and Scenarios from HIT to CONFIG

HIT Early Spacecraft Telecom Model (Redundant Transmitters, Power, Thermal Control)

Analyze interaction pairs and paths (HIT)

- HIT: Hazard-vulnerability pairs and possible paths

Simulate abstract operational scenarios (CONFIG)

- Transmitter is an abstract server with limited service rate (bandwidth) normalized to 1.0 capacity.

- Science and engineering memory are clients with a total load of 0.8.

- When TCS is turned ON, noise travels from TCS to Xmitters via power connections and takes up 0.3 of capacity.

- Xmitter 1 is overloaded (total 1.1 “requested”), changing transmitter data rate proportionally to 0.8/1.1 = 0.723 (too slow).

- Controller unsuccessfully tries to compensate by switching to backup Xmitter2, but transmission rate is unchanged.

Added TCS is another noise source. This noise can pass to vulnerable Telesub transmitters along Power distribution lines.
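Added example (not CONFIG): an abstract-server model of the scenario above, using the slide's values (capacity 1.0, client load 0.8, TCS noise 0.3) as constructed inputs; 0.8/1.1 evaluates to about 0.727. The hypothetical `backup_noise_paths` parameter lets you model a backup that is isolated from the power-line noise path, which is the condition under which the failover would actually help.

```python
# Constructed abstract model of the CONFIG scenario: transmitters are servers with
# capacity normalized to 1.0; clients and propagated noise both consume that capacity.
CLIENT_LOAD = 0.8          # science + engineering memory clients
TCS_NOISE = 0.3            # capacity taken by TCS noise arriving over the power line
REQUIRED_RATE = 0.8        # delivered rate needed to keep up with the clients

class Transmitter:
    def __init__(self, name, capacity=1.0, noise_paths=()):
        self.name, self.capacity = name, capacity
        self.noise_paths = set(noise_paths)   # noise sources with a path to this server

    def requested(self, active_noise):
        """Total requested capacity: client load plus every noise source that reaches this server."""
        return CLIENT_LOAD + sum(lvl for src, lvl in active_noise.items() if src in self.noise_paths)

    def data_rate(self, active_noise):
        """Delivered client rate shrinks proportionally once requests exceed capacity (0.8/1.1 here)."""
        req = self.requested(active_noise)
        return CLIENT_LOAD if req <= self.capacity else CLIENT_LOAD * self.capacity / req

class Controller:
    def __init__(self, primary, backup):
        self.primary, self.backup, self.active = primary, backup, primary
        self.log = []   # (active transmitter, delivered rate) per step

    def step(self, tcs_on):
        active_noise = {"TCS": TCS_NOISE} if tcs_on else {}
        rate = self.active.data_rate(active_noise)
        if rate < REQUIRED_RATE and self.active is self.primary:
            # Compensation attempt: fail over to the backup transmitter.
            self.active = self.backup
            rate = self.active.data_rate(active_noise)
        self.log.append((self.active.name, round(rate, 3)))
        return rate

def run_scenario(backup_noise_paths=("TCS",)):
    """Run with TCS OFF then ON; hypothetical parameter: noise sources that reach the backup."""
    x1 = Transmitter("Xmitter1", noise_paths=("TCS",))
    x2 = Transmitter("Xmitter2", noise_paths=backup_noise_paths)
    ctl = Controller(x1, x2)
    for tcs_on in (False, True):
        ctl.step(tcs_on)
    return ctl.log

if __name__ == "__main__":
    print("shared noise path:", run_scenario())
    print("isolated backup:  ", run_scenario(backup_noise_paths=()))
```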
Capture: Tame the Work Explosion

• Helpful Capture Tools

- Primary goal is to get later long-term benefit when revisiting or changing the design

• Reuse of design and analyses

• Upgrades, repairs, accident analysis

• Handling changing requirements, systems and environments

- Provide short-term benefit to balance added short-term effort

• Help capturing diverse types of design products

• Help integrating information

• Help search, access and get reports from diverse perspectives

- Make metadata collection effortless

• Help prioritizing decisions and areas for problem solving

• Provide standard elements: Libraries and ontologies

- Provide default requirements, problems, issues and solutions

- Map and match diverse structures and representations

- Accommodate and highlight special and new data

• In our story, the revised countermeasure for TCS noise has links to supporting analysis and simulation results